Signal-Android icon indicating copy to clipboard operation
Signal-Android copied to clipboard
verified publisher icon signalapp

Punycode and Umlaut URLs Not Clickable in Signal Desktop and Mobile

Open elpatron68 opened this issue 2 months ago • 6 comments

Guidelines

  • [x] I have searched searched open and closed issues for duplicates
  • [x] I am submitting a bug report for existing functionality that does not work as intended
  • [x] This isn't a feature request or a discussion topic

Bug description

Description:

After the latest update, URLs containing Punycode (e.g., https://xn--hrdle-jua.de/) and URLs with Umlauts (e.g., https://hördle.de/) are no longer rendered as clickable links in Signal Desktop (Windows, version unknown) and Signal Mobile (Android 7.66.5). Previously, these URLs were clickable and displayed correctly.

Steps to Reproduce:

Open Signal Desktop or Signal Mobile. Send or receive a message containing a URL with Punycode or Umlauts. Attempt to click the URL. Expected Behavior:

URLs with Punycode and Umlauts should be rendered as clickable links in both Signal Desktop and Mobile versions.

Actual Behavior:

The URLs are displayed as plain text and are not clickable, hindering easy access.

Additional Information:

The issue started after the latest update. This affects both desktop and mobile versions. Let me know if there’s anything else you need!

Screenshots

No response

Device

No response

Android version

No response

Signal version

No response

Link to debug log

No response

elpatron68 avatar Dec 03 '25 18:12 elpatron68

@elpatron68 Do you happen to know which version of the Android app was rendering those as clickable links?

jeffrey-signal avatar Dec 03 '25 21:12 jeffrey-signal

Unfortunately, I can't answer that question. I'm pretty sure it was still working at the beginning of this week.

elpatron68 avatar Dec 03 '25 21:12 elpatron68

Not sure about desktop, but looking at the commit history I don't think those links would have been clickable on Android since 2023. We'll look into getting it fixed, though.

jeffrey-signal avatar Dec 04 '25 04:12 jeffrey-signal

Not sure about desktop, but looking at the commit history I don't think those links would have been clickable on Android since 2023. We'll look into getting it fixed, though.

Was clickable at least until 11/29/2025 on Android.

Holger-S avatar Dec 04 '25 08:12 Holger-S

We prevent linkification of url's that mix ascii+non-ascii characters. It was meant to be a simple protection against homograph attacks. We could probably make it better and allow common non-homographic characters.

greyson-signal avatar Dec 05 '25 21:12 greyson-signal

I understand that this is problematic. I was just wondering why the domain I am currently working on (see above) was rendering without any problems until recently. I would of course be very happy if this would work again in the future.

elpatron68 avatar Dec 05 '25 23:12 elpatron68